The Large v4 TDX Edition is not a separate server model. It is the same Large v4 chassis (SYS-221BT-HNR) with all 16 DIMM slots populated to reach 1 TB of DDR5-5200 ECC memory, which activates Intel Trust Domain Extensions (TDX) by default. TDX creates hardware-enforced isolation boundaries around virtual machines, protecting their memory from the host OS, hypervisor, and adjacent workloads at the CPU level. This configuration targets regulated industries, multi-tenant SaaS providers, and any workload where tenant isolation must be provable rather than assumed. Deploy a Large v4 TDX Edition in Ashburn, Los Angeles, Amsterdam, or Singapore on fixed monthly pricing.

Key Takeaways

  • Hardware-enforced VM isolation: Intel TDX creates Trust Domains (TDs) that encrypt VM memory with per-TD keys managed by the CPU. The hypervisor, host OS, and other VMs cannot read or tamper with a TD’s memory, even with root access to the host.
  • 1 TB DDR5-5200 across all 16 DIMM slots: Doubling the base Large v4’s memory fills all open slots, enabling TDX and providing capacity for memory-intensive regulated workloads like encrypted database hosting, PHI processing, and multi-tenant SaaS isolation.
  • SGX enclaves available alongside TDX: Intel SGX provides application-level encrypted enclaves for key management, certificate signing, and sensitive computation, independent of TDX’s VM-level isolation. Both technologies run concurrently on the same hardware.
  • No hypervisor licensing or attestation fees: TDX runs on OpenMetal’s dedicated bare metal with no VMware, no cloud attestation service charges, and no per-VM confidential computing surcharges.
  • HIPAA-eligible with hardware-level isolation: OpenMetal is HIPAA compliant at the organizational level and offers BAAs. TDX adds a hardware isolation layer that strengthens the compliance posture for PHI workloads beyond what software-only isolation provides.
  • Same fixed-cost model: The TDX Edition uses the same 95th-percentile egress billing and fixed monthly pricing as the standard Large v4. No per-GB egress charges.

Server Configuration at a Glance

Component                   Specification
--------------------------  --------------------------------------------------------------
Processor                   2x Intel Xeon Gold 6526Y (Emerald Rapids, Intel 7)
Total Cores / Threads       32 cores / 64 threads
Base / Max Turbo Frequency  2.8 GHz / 3.9 GHz
L3 Cache                    37.5 MB per processor (75 MB total)
TDP                         225 W per processor
Memory                      1,024 GB (1 TB) DDR5-5200 ECC (16 DIMM slots, 16 populated)
Intel TDX                   Enabled by default (1 TB threshold met)
Intel SGX                   Available
TME-MK                      Active (per-tenant memory encryption keys)
Boot Storage                2x 960 GB SSD in RAID 1 (dedicated OS drives)
Data Storage                2x 6.4 TB Micron 7500 MAX NVMe (12.8 TB total)
Max Drive Bays              6 drives
Private Bandwidth           20 Gbps (2x 10 Gbps LACP bonded)
Public Bandwidth            4 Gbps (burst up to 40 Gbps)
Network SLA                 99.96% base (actual >99.99% since 2022)
DDoS Protection             Included, up to 10 Gbps per IP
PCIe                        PCIe 5.0, 88 lanes per processor
Remote Management           Full IPMI access (power, console, BIOS, OS install)
Compliance                  HIPAA-eligible (Ashburn, Los Angeles); SOC 1/2, ISO 27001, PCI-DSS (facility-level, varies by location)
Pricing                     Fixed monthly — see openmetal.io/bare-metal-pricing

Large v4 TDX Edition component architecture: dual-socket Xeon Gold 6526Y, 1 TB DDR5-5200, Intel TDX Trust Domains, boot/data drive isolation

Ready to Deploy a Large v4 TDX Edition?

Tell us about your confidential computing requirements and we’ll help you configure the right deployment — standalone bare metal with TDX enabled, or a Hosted Private Cloud cluster with hardware-isolated tenancy.


Security and Confidential Computing

TDX is the centerpiece of this configuration. Each Trust Domain (TD) is a hardware-isolated virtual machine whose memory is encrypted with a unique key managed by Intel’s Trust Domain Resource Manager (TDRM) inside the CPU. The hypervisor can schedule and manage TDs but cannot read or modify their memory contents. This isolation is enforced by the CPU’s memory controller, not by software, meaning a compromised hypervisor or host OS cannot access TD memory. Practical implications for OpenMetal deployments include multi-tenant SaaS (each customer tenant runs in its own TD with provable isolation), regulated data processing (PHI, PCI cardholder data, and financial records protected from host-level access), and key management (HashiCorp Vault or KMIP servers running inside a TD where encryption keys are never exposed to the host OS). TDX requires the 1 TB RAM configuration (all 16 DIMM slots populated). This is a customer-initiated upgrade on the standard Large v4. Contact OpenMetal to schedule the upgrade on a deployed server, or order a new Large v4 with 1 TB pre-installed.

SGX operates at the application level, independent of TDX. SGX enclaves protect specific code and data segments inside encrypted memory regions that are inaccessible to the OS, hypervisor, and other applications. SGX and TDX can run concurrently: TDX isolates entire VMs while SGX protects specific processes within those VMs. Use cases on OpenMetal include certificate authority operations, secure key derivation, privacy-preserving analytics, and blockchain validator key protection. TME-MK encrypts all DRAM with AES-XTS using per-tenant cryptographic keys, active regardless of whether TDX or SGX is in use, protecting against physical memory scraping and cold boot attacks.

  • AES-NI: Hardware-accelerated AES for TLS termination, full-disk encryption (LUKS), and IPsec/WireGuard VPN without CPU overhead.
  • Boot Guard: Firmware integrity verification during boot, preventing rootkit injection before the OS loads.
  • Control-Flow Enforcement Technology (CET): Hardware protection against ROP/JOP attacks.

For a step-by-step guide, see the Enabling Intel SGX and TDX guide page.
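Before relying on the "Enabled by default" line, a practitioner will want to confirm from the running kernel that the platform really exposes TDX, SGX and TME. The script below is an added example, not OpenMetal's tooling or the guide linked above; it assumes a Linux kernel recent enough to report the upstream cpuinfo flags named in the comments, and the classification functions take the flag list and kernel log text as arguments so they can also be run against output captured from another machine.

```shell
#!/bin/sh
# Added example (not OpenMetal's code): classify the confidential-computing state of
# a Linux host or guest from /proc/cpuinfo flags and kernel log text. Relies only on
# upstream Linux names: cpuinfo flags "tdx_host_platform", "tdx_guest", "sgx",
# "sgx_lc", "tme" and the TDX host driver's "virt/tdx: module initialized" log line.

# has_flag FLAGS NAME -> succeeds if NAME is one of the space-separated FLAGS
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# classify_tdx FLAGS KLOG -> prints one of:
#   td-guest          this kernel is itself running inside a Trust Domain
#   host-tdx-active   BIOS-enabled TDX platform and the kernel initialised the TDX module
#   host-tdx-capable  platform flag present, module not (yet) initialised: check that
#                     KVM is loaded and the BIOS/RAM prerequisites (1 TB here) are met
#   no-tdx            no TDX support visible to this kernel
classify_tdx() {
    flags=$1
    klog=$2
    if has_flag "$flags" tdx_guest; then
        printf 'td-guest\n'
    elif has_flag "$flags" tdx_host_platform; then
        case "$klog" in
            *"virt/tdx: module initialized"*) printf 'host-tdx-active\n' ;;
            *)                                printf 'host-tdx-capable\n' ;;
        esac
    else
        printf 'no-tdx\n'
    fi
}

# sgx_state FLAGS -> "sgx-lc" (enclaves with launch control), "sgx", or "no-sgx"
sgx_state() {
    if has_flag "$1" sgx_lc; then printf 'sgx-lc\n'
    elif has_flag "$1" sgx; then printf 'sgx\n'
    else printf 'no-sgx\n'
    fi
}

# tme_state FLAGS -> "tme" or "no-tme" (TME-MK builds on the base TME feature)
tme_state() { if has_flag "$1" tme; then printf 'tme\n'; else printf 'no-tme\n'; fi; }

# Live mode (run as: sh tdx_check.sh --live). dmesg may need root; an unreadable
# log is treated as "module not initialised", which errs toward the safe answer.
if [ "${1:-}" = "--live" ]; then
    live_flags=$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2-)
    live_klog=$(dmesg 2>/dev/null || true)
    printf 'TDX: %s\nSGX: %s\nTME: %s\n' "$(classify_tdx "$live_flags" "$live_klog")" \
        "$(sgx_state "$live_flags")" "$(tme_state "$live_flags")"
fi
```

Inside a TD the same script reports td-guest, which is the answer a tenant wants; on the host, host-tdx-capable without host-tdx-active means the hardware is ready but KVM has not brought the TDX module up yet.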

Intel Xeon Gold 6526Y for Confidential Computing

The 6526Y’s role in the TDX Edition is to enforce hardware isolation boundaries. Each of the 32 cores (64 threads) can host Trust Domains, with the CPU’s memory controller handling per-TD encryption transparently. The 2.8 GHz base clock and 3.9 GHz turbo maintain strong per-core performance even with TDX active, as the encryption/decryption overhead is handled in the memory controller pipeline, not by the cores themselves.

Intel AMX (Advanced Matrix Extensions) remains available inside Trust Domains, allowing INT8/BF16 ML inference workloads to run with both hardware acceleration and hardware isolation. AVX-512 is similarly available for vectorized compute inside TDs.

1 TB DDR5-5200 (Full Population)

All 16 DIMM slots are populated with DDR5-5200 ECC registered memory, doubling the standard Large v4’s 512 GB configuration. Aggregate memory bandwidth remains approximately 665 GB/s, the same as the base configuration, because the number of memory channels is unchanged; populating every slot is what enables TDX, not what raises bandwidth.

The 1 TB capacity supports memory-intensive confidential workloads: encrypted in-memory databases (PostgreSQL, Redis) holding large regulated datasets entirely in RAM, multi-tenant SaaS platforms running dozens of isolated TDs simultaneously, and ML inference pipelines processing sensitive data inside Trust Domains. With TDX active, each TD’s memory allocation is hardware-encrypted, so the 1 TB pool can be divided across multiple TDs without cross-tenant exposure.

Micron 7500 MAX NVMe

The TDX Edition ships with the same storage layout as the standard Large v4: 2x 960 GB boot SSDs in RAID 1 for OS redundancy, and 2x 6.4 TB Micron 7500 MAX NVMe data drives (12.8 TB total). Boot/data isolation keeps system I/O off the data drives. For confidential workloads, pair NVMe storage with LUKS full-disk encryption (hardware-accelerated by AES-NI) so data at rest is encrypted independently of TDX’s in-memory protections. The chassis supports up to 6 total drives for additional capacity.

For full NVMe performance specs, see the standard Large v4 hardware details page.

Networking

Dual 10 Gbps NICs (LACP bonded, 20 Gbps aggregate) for private traffic on customer-specific VLANs. 4 Gbps public bandwidth with burst to 40 Gbps. Private network traffic is included. TDX does not affect network performance; isolation boundaries apply to memory, not to network I/O. For confidential computing deployments, the private VLAN ensures east-west traffic between Trust Domain hosts stays off the public internet. Combine with IPsec or WireGuard (AES-NI accelerated) for encrypted inter-node communication if required by compliance policy.

Egress pricing: 95th-percentile billing, not per-GB transfer.
Public egress is billed on 95th-percentile measurement, not per-GB transfer. On OpenMetal, a server that bursts to 10 Gbps during a deployment window but averages 2 Gbps pays for the 95th-percentile rate, not for every byte transferred.

HIPAA and Regulatory Compliance

OpenMetal is HIPAA compliant at the organizational level and offers Business Associate Agreements (BAAs). Facility certifications are held by the facility operator:

  • Ashburn, VA: SOC1/2 Type II, ISO 27001, PCI DSS, NIST 800-53 HIGH, HIPAA
  • Los Angeles, CA: SOC1/2, ISO 27001, PCI-DSS, HIPAA
  • Amsterdam, NL: SOC Type 1/2, PCI-DSS, ISO 27001, ISO 50001, ISO 22301
  • Singapore: BCA Green Mark Platinum

TDX adds a hardware isolation layer on top of these facility and organizational certifications. For workloads subject to HIPAA, PCI DSS, SOX, or GDPR, the combination of OpenMetal’s BAA, facility certifications, and TDX hardware isolation provides a multi-layer compliance foundation.

Recommended Workloads on the Large v4 TDX Edition

Regulated financial workloads

Run trading engines, risk calculation systems, and transaction processing inside TDs where market data and customer financial records are hardware-isolated from the host. TDX satisfies SOX and PCI DSS requirements for provable workload isolation without the cost of dedicated physical hardware per tenant. Pair with SGX enclaves for HSM-equivalent key protection.

Healthcare PHI processing

Process Protected Health Information inside Trust Domains where data is encrypted in memory and inaccessible to the host OS. OpenMetal’s organizational HIPAA compliance plus BAA support, combined with TDX hardware isolation, provides a defense-in-depth posture for EHR systems, medical imaging pipelines, and clinical analytics. Large v4 TDX servers deployed in Ashburn and Los Angeles are hosted in HIPAA-compliant facilities.

Multi-tenant SaaS isolation

SaaS providers can run each customer tenant in a separate Trust Domain on shared hardware. Unlike software-based isolation (containers, VMs with shared hypervisor memory), TDX guarantees that one tenant’s memory cannot be read by another, even if the hypervisor is compromised. This enables higher-density multi-tenancy without sacrificing the isolation guarantees that enterprise customers require.

Key management and certificate authority

Run HashiCorp Vault, KMIP servers, or custom PKI infrastructure inside SGX enclaves nested within TDX Trust Domains. Encryption keys never exist in plaintext outside the enclave, and the enclave itself is protected from the host by TDX. Eliminates the need for dedicated physical HSM appliances for most key management use cases.

Sovereign cloud and data residency

Organizations subject to data sovereignty requirements (GDPR, regional data residency laws) can use TDX to prove that data processed on shared infrastructure is cryptographically isolated. Deploy in Amsterdam for EU data residency or Singapore for APAC requirements. The hardware-enforced isolation model satisfies auditors who require more than contractual guarantees.

Privacy-preserving ML inference

Run inference pipelines on sensitive datasets (medical records, financial data, PII) inside Trust Domains where the model inputs and outputs are never exposed to the host. Intel AMX acceleration is available inside TDs for INT8/BF16 matrix operations, so confidential inference does not sacrifice throughput. For GPU-class training, OpenMetal offers A100 and H100 servers in the same facilities.

“With OpenMetal, we found a true partner, we have more control over the performance of our clouds, and we are able to significantly reduce our cloud costs. These three things make this relationship something I would say yes to a hundred times over.”

Tom Fanelli, CEO & Co-Founder, Convesio

Large v4 TDX Edition Deployment Options

Bare Metal Dedicated Server with TDX

Order a new Large v4 with 1 TB RAM pre-installed (TDX enabled out of the box), or upgrade an existing Large v4 by contacting OpenMetal to schedule a RAM upgrade. Full root access and IPMI remote management. Fixed monthly pricing with rate locks up to 5 years. Ramp pricing available for migrations.

→ View pricing: openmetal.io/bare-metal-pricing

Get a Large v4 TDX Quote

Ready to deploy with confidential computing? Tell us about your isolation and compliance requirements.

  • Bare metal: Single-server or multi-server TDX deployments with full root access and IPMI
  • Hosted Private Cloud: Three-node TDX-enabled OpenStack + Ceph clusters with Day 2 operations
  • Custom configurations: Additional NVMe drives, SGX enclave sizing, attestation setup

Ramp pricing available for migrations. All deployments include fixed monthly pricing, 99.96%+ network SLA, and DDoS protection.


Specifications, pricing, and availability are subject to change without notice. The information on this page is provided for general guidance and does not constitute a contractual commitment. Contact OpenMetal for current configuration details and pricing.